Some NASA System Safety background (from PRA guidebook):

HISTORIC BACKGROUND

Probabilistic Risk Assessment (PRA) is a comprehensive, structured, and logical analysis method aimed at identifying and assessing risks in complex technological systems for the purpose of cost-effectively improving their safety and performance. NASA’s objective is to rapidly become a leader in PRA and to use this methodology effectively to ensure mission and programmatic success, and to achieve and maintain high safety standards at NASA. NASA intends to use PRA in all of its programs and projects to support optimal management decisions for the improvement of safety and program performance.

Over the years, NASA has been a leader in most of the technologies it has employed in its programs. One would think that PRA should be no exception. In fact, it would be natural for NASA to be a leader in PRA because, as a technology pioneer, NASA uses risk assessment and management implicitly or explicitly on a daily basis. Many important NASA programs, like the Space Shuttle Program, have, for some time, been assigned explicit risk-based mission success goals.

Methods to perform risk and reliability assessment in the early 1960s originated in U.S. aerospace and missile programs. Fault tree analysis (FTA) is such an example. It would have been a reasonable extrapolation to expect that NASA would also become the first world leader in the application of PRA. That was, however, not to happen.

Legend has it that early in the Apollo project the question was asked about the probability of successfully sending astronauts to the moon and returning them safely to Earth. A risk, or reliability, calculation of some sort was performed and the result was a very low success probability value. So disappointing was this result that NASA became discouraged from further performing quantitative analyses of risk or reliability until after the Challenger mishap in 1986. Instead, NASA decided to rely on the Failure Modes and Effects Analysis (FMEA) method for system safety assessments. To date, FMEA continues to be required by NASA in all its safety-related projects.

In the meantime, the nuclear industry picked up PRA to assess safety almost as a last resort in defense of its very existence. This analytical method was gradually improved and expanded by experts in the field and has gained momentum and credibility over the past two decades, not only in the nuclear industry, but also in other industries like petrochemical, offshore platforms, and defense. By the time the Challenger accident occurred, PRA had become a useful and respected tool for safety assessment. Because of its logical, systematic, and comprehensive approach, PRA has repeatedly proven capable of uncovering design and operation weaknesses that had escaped even some of the best deterministic safety and engineering experts. This methodology showed that it was very important to examine not only low-probability and high-consequence individual mishap events, but also high-consequence scenarios which can emerge as a result of the occurrence of multiple high-probability and nearly benign events. Contrary to common perception, the latter is oftentimes more detrimental to safety than the former.

Then, the October 29, 1986, “Investigation of the Challenger Accident,” by the Committee on Science and Technology, House of Representatives, stated that, without some means of estimating the probability of failure (POF) of the Shuttle elements, it was not clear how NASA could focus its attention and resources as effectively as possible on the most critical Shuttle systems.

In January 1988, the Slay Committee recommended, in its report called the “Post-Challenger Evaluation of Space Shuttle Risk Assessment and Management,” that PRA approaches be applied to the Shuttle risk management program at the earliest possible date. It also stated that databases derived from Space Transportation System failures, anomalies, flight and test results, and the associated analysis techniques should be systematically expanded to support PRA, trend analysis, and other quantitative analyses relating to reliability and safety.

As a result of the Slay Committee criticism, NASA began to try out PRA, at least in a “proof-of-concept” mode, with the help of expert contractors. A number of PRA studies were conducted in this fashion over the next 10 years.

On July 29, 1996, the NASA Administrator directed the Associate Administrator, Office of Safety and Mission Assurance (OSMA), to develop a PRA tool to support decisions on the funding of Space Shuttle upgrades. He expressed unhappiness that, after he came to NASA in 1992, NASA spent billions of dollars on Shuttle upgrades without knowing how much safety would be improved. He asked for an analytical tool to help base upgrade decisions on risk. This tool was called Quantitative Risk Assessment System, and its latest version, 1.6, was issued in April 2001 [1].